Can't change lighttpd's port for HaProxy reverse proxy Topic is solved
Re: Can't change lighttpd's port for HaProxy reverse proxy
Yes, it's going to recreate all the files. Is the service set to active now?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Re: Can't change lighttpd's port for HaProxy reverse proxy
I can use the haproxy command! We're getting somewhere. Now it's just a config problem on my end, as per the validation command. Will let you know if I get it working!
Re: Can't change lighttpd's port for HaProxy reverse proxy
Alright, so it looks like it's working! HaProxy is passing example.com connections to port 8080, where lighttpd is.
I only have two problems now:
- I might use SSL pass-through instead of SSL termination for my servers. This would mean I'd only need to run certbot once for each subdomain used and not have to manually renew it. However, it also means that I need to set up lighttpd to use SSL on port 8080, somehow.
- I'm having a problem getting my gitea instance seen by haproxy. It's set to pass through git.example.com connections to port 3000, but I don't know if I've done it right as it's just passing it through to lighttpd.
Any tips for any of this? I'd really appreciate it. Also, thanks a lot for sticking with me through all of this. I really hope this isn't getting annoying!
Re: Can't change lighttpd's port for HaProxy reverse proxy
Can you share your haproxy conf file?
Re: Can't change lighttpd's port for HaProxy reverse proxy
Code:
global
    # rsyslog is required for logging
    #log /var/log local0
    #log /var/log local1 notice
    maxconn 64
    log 127.0.0.1 local0 notice
    # Jail directory
    chroot /var/lib/haproxy
    stats socket /run/haproxy.sock mode 660 level admin
    stats timeout 30s
    user root
    group root
    daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http-in
    bind *:80
    bind *:443
    acl sub1 hdr_sub(host) -i example.com
    acl sub2 hdr_sub(host) -i git.example.com
    use_backend lighttpd_backend if sub1
    use_backend gitea_backend if sub2

backend lighttpd_backend
    mode http
    option forwardfor
    server lighttpd_server 127.0.0.1:8080

backend gitea_backend
    mode http
    option forwardfor
    server gitea_server 127.0.0.1:3000

# Admin web page
listen stats
    bind *:4264
    stats enable
    stats uri /
    stats hide-version
    stats auth admin:dietpi
Re: Can't change lighttpd's port for HaProxy reverse proxy
OK, I adjusted the frontend section slightly. This will forward every request to lighttpd_backend except requests for git.example.com.
But I need to say that I'm not an expert on HaProxy config files. There might be better ways.
Code:
frontend http-in
    bind *:80
    bind *:443
    # acl sub1 hdr_sub(host) -i example.com
    default_backend lighttpd_backend
    acl sub2 hdr_sub(host) -i git.example.com
    # use_backend lighttpd_backend if sub1
    use_backend gitea_backend if sub2

Re: Can't change lighttpd's port for HaProxy reverse proxy
It's still not routing git.example.com to 127.0.0.1:3000... It seems like it's not reading the domain properly. Is there any help you can give there, or should I go to a different forum for specifically HaProxy stuff?
Re: Can't change lighttpd's port for HaProxy reverse proxy
This is the config file I'm using. And I'm able to reach gitea.
Code:
global
    # rsyslog is required for logging
    #log /var/log local0
    #log /var/log local1 notice
    maxconn 64
    log 127.0.0.1 local0 notice
    # Jail directory
    chroot /var/lib/haproxy
    stats socket /run/haproxy.sock mode 660 level admin
    stats timeout 30s
    user root
    group root
    daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http-in
    bind *:80
    bind *:443
    # acl sub1 hdr_sub(host) -i example.com
    default_backend lighttpd_backend
    acl sub2 hdr_sub(host) -i git.example.com
    # use_backend lighttpd_backend if sub1
    use_backend gitea_backend if sub2

backend lighttpd_backend
    mode http
    option forwardfor
    server lighttpd_server 127.0.0.1:8080

backend gitea_backend
    mode http
    option forwardfor
    server gitea_server 127.0.0.1:3000

# Admin web page
listen stats
    bind *:4264
    stats enable
    stats uri /
    stats hide-version
    stats auth admin:dietpi

Did you clear the cache on your browser as well? Did you restart the HaProxy service?
Yes indeed, consulting a board focusing purely on HaProxy might be a good option. These guys are most probably more knowledgeable than we are.
Re: Can't change lighttpd's port for HaProxy reverse proxy
It has suddenly struck me that Gitea is still using the normal domain (example.com:3000), rather than its subdomain (git.example.com), as well as using HTTPS on port 3000. Might it be redirecting to the top domain, which then sends it to lighttpd through HaProxy?
Re: Can't change lighttpd's port for HaProxy reverse proxy
There's a change in the problem. It's almost working, though!
It's accepting a connection on git.example.com and forwarding it to port 3000!
I'm getting this error on Firefox:
SSL_ERROR_RX_RECORD_TOO_LONG
This is happening on both lighttpd and Gitea.
I think it has something to do with HaProxy. Are you any help here, or?
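Added example, not part of any post in this thread and not DietPi's or HAProxy's own configuration: the config posted above reworked for SSL termination, with the weak settings it contains replaced (root user, RC4-SHA in the cipher list, stats page on all interfaces with a default password). Assumptions: the certificate path and `CHANGE_ME` are placeholders, a `haproxy` system account exists, and Gitea has been switched to plain HTTP on port 3000.

```haproxy
global
    maxconn 64
    log 127.0.0.1 local0 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy.sock mode 660 level admin
    # Drop privileges after binding the ports instead of staying root.
    user haproxy    # assumption: account created by the distribution package
    group haproxy
    daemon
    # AEAD suites only; the list in the thread still allows RC4-SHA.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

defaults
    log global
    mode http
    option httplog
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http-in
    bind *:80
    # "ssl crt" makes HAProxy speak TLS on 443. Without it the port answers in
    # plain HTTP, which browsers report as SSL_ERROR_RX_RECORD_TOO_LONG.
    # Placeholder path: a PEM (certificate + key) covering both host names.
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
    http-request redirect scheme https unless { ssl_fc }
    # hdr(host) is an exact match. hdr_sub(host) example.com is a substring
    # match, so it is also true for git.example.com.
    acl host_git hdr(host) -i git.example.com
    use_backend gitea_backend if host_git
    default_backend lighttpd_backend

backend lighttpd_backend
    option forwardfor
    server lighttpd_server 127.0.0.1:8080

backend gitea_backend
    option forwardfor
    # Assumes Gitea listens with plain HTTP here (TLS ends at HAProxy).
    server gitea_server 127.0.0.1:3000

listen stats
    bind 127.0.0.1:4264          # loopback only instead of *:4264
    stats enable
    stats uri /
    stats hide-version
    stats auth admin:CHANGE_ME   # placeholder, replaces the default admin:dietpi
```

Check the file with `haproxy -c -f <config file>` before restarting the service. For SSL pass-through instead of termination, the frontend has to run in `mode tcp` and route on the SNI (`req.ssl_sni`), because the Host header is encrypted and the `hdr(host)` ACLs never see it.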